Added Ephemeral Elliptic Curve Diffie Hellman ciphersuites to SSL/TLS

Made all modifications to include Ephemeral Elliptic Curve Diffie Hellman ciphersuites into the existing SSL/TLS modules. All basic handling of the ECDHE-ciphersuites (TLS_ECDHE_RSA_WITH_NULL_SHA, TLS_ECDHE_RSA_WITH_RC4_128_SHA, TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA) has been included.
2013-03-20 14:39:14 +01:00 · 2013-03-20 14:39:14 +01:00 · 41c83d3f67
commit 41c83d3f67
parent 00c1f43743
14 changed files with 676 additions and 334 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -346,8 +346,8 @@ int ssl_derive_keys( ssl_context *ssl )
        handshake->calc_finished = ssl_calc_finished_tls;
    }
 #if defined(POLARSSL_SHA4_C)
-    else if( session->ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-             session->ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
+    else if( transform->ciphersuite_info->cipher ==
+             POLARSSL_CIPHER_AES_256_GCM )
    {
        handshake->tls_prf = tls_prf_sha384;
        handshake->calc_verify = ssl_calc_verify_tls_sha384;
@ -2151,7 +2151,8 @@ int ssl_parse_change_cipher_spec( ssl_context *ssl )
    return( 0 );
 }

-void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
+void ssl_optimize_checksum( ssl_context *ssl,
+                            const ssl_ciphersuite_t *ciphersuite_info )
 {
 #if !defined(POLARSSL_SHA4_C)
    ((void) ciphersuite);
@ -2160,8 +2161,7 @@ void ssl_optimize_checksum( ssl_context *ssl, int ciphersuite )
    if( ssl->minor_ver < SSL_MINOR_VERSION_3 )
        ssl->handshake->update_checksum = ssl_update_checksum_md5sha1;
 #if defined(POLARSSL_SHA4_C)
-    else if ( ciphersuite == TLS_RSA_WITH_AES_256_GCM_SHA384 ||
-              ciphersuite == TLS_DHE_RSA_WITH_AES_256_GCM_SHA384 )
+    else if( ciphersuite_info->cipher == POLARSSL_CIPHER_AES_256_GCM )
    {
        ssl->handshake->update_checksum = ssl_update_checksum_sha384;
    }